Configuring SNMPv3 on Juniper SRX / Junos

I love my Juniper gear, but some things are definitely more “verbose” to set up than need be, and SNMPv3 is one of them. And the KB docs don’t really help either. I found setting up OSPF easier than SNMPv3! But given the flexibility that Junos provides, I guess I’ll let them slide 😉

With many of the features in the Junos CLI, I am usually able to get it done using the autocomplete, but the SNMPv3 config is a tad confusing, at least in terms of how it needs to be configured. With other devices, it’s usually just a matter of choosing SNMPv3, setting up the username and AuthPriv settings. But there is a method to Juniper’s madness. Ethan Banks explains it well in this post. Basically the flow is this:

The USM (user security model) is what allows you to define the user and the corresponding authentication/privacy settings (or none, but then why are you using SNMPv3???). The VACM (view-based access control model) is what allows you to map the USM security “user” to a particular view, or “group” with read/write/no permissions. Well, that’s an oversimplification, but that’s how I make sense of it in my pea-brain. It becomes clearer when you view the actual SNMP config:

This is the “minimal” config I’ve used to set up SNMPv3 on my Junos gear, YMMV. Obviously, Juniper’s intent is that you can set up access to SNMP data in a very granular way. So for instance, you could create a USM user “SNMPWRITER” that has write access to only a subset of the OIDs so that helpdesk folks can reset ports on the campus access switches.
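
The USM-to-VACM mapping described above, written out in Junos `set` form as an added example (it is not the author's own config). The SNMPWRITER user comes from the text; the MONITOR user, the group and view names, and the passphrase placeholders are assumptions, and the write view is limited to ifAdminStatus as one way to scope the helpdesk case.

```junos
# USM: define each user with authentication and privacy (authPriv).
# Passphrases are placeholders; MONITOR is a hypothetical read-only user.
set snmp v3 usm local-engine user MONITOR authentication-sha authentication-password "<auth-passphrase-1>"
set snmp v3 usm local-engine user MONITOR privacy-aes128 privacy-password "<priv-passphrase-1>"
set snmp v3 usm local-engine user SNMPWRITER authentication-sha authentication-password "<auth-passphrase-2>"
set snmp v3 usm local-engine user SNMPWRITER privacy-aes128 privacy-password "<priv-passphrase-2>"

# Views: which OID subtrees a group may touch (view names are hypothetical).
# VIEW-ALL covers the whole tree; VIEW-PORT-ADMIN covers only ifAdminStatus.
set snmp view VIEW-ALL oid .1 include
set snmp view VIEW-PORT-ADMIN oid .1.3.6.1.2.1.2.2.1.7 include

# VACM step 1: map each USM security name to a group (group names are hypothetical).
set snmp v3 vacm security-to-group security-model usm security-name MONITOR group GRP-READONLY
set snmp v3 vacm security-to-group security-model usm security-name SNMPWRITER group GRP-HELPDESK

# VACM step 2: give each group its views, and require authPriv for access.
# GRP-READONLY has no write-view, so it cannot issue a successful SET.
set snmp v3 vacm access group GRP-READONLY default-context-prefix security-model usm security-level privacy read-view VIEW-ALL
set snmp v3 vacm access group GRP-HELPDESK default-context-prefix security-model usm security-level privacy read-view VIEW-ALL
set snmp v3 vacm access group GRP-HELPDESK default-context-prefix security-model usm security-level privacy write-view VIEW-PORT-ADMIN
```

With `security-level privacy` on every access entry, a request that is unauthenticated or authenticated but unencrypted does not match either group, and SNMPWRITER can read everything but write only the port admin-status column.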